commit a6dbfe6906ebbb4bf0df29ba5813959656e5f87d

+35 -1

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

··· 30 </section> 31 <section xml:id="sec-release-23.05-incompatibilities"> 32 <title>Backward Incompatibilities</title> 33 - <itemizedlist spacing="compact"> 34 <listitem> 35 <para> 36 <literal>carnix</literal> and <literal>cratesIO</literal> has ··· 40 and 41 <link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link> 42 instead. 43 </para> 44 </listitem> 45 </itemizedlist>

··· 30 </section> 31 <section xml:id="sec-release-23.05-incompatibilities"> 32 <title>Backward Incompatibilities</title> 33 + <itemizedlist> 34 <listitem> 35 <para> 36 <literal>carnix</literal> and <literal>cratesIO</literal> has ··· 40 and 41 <link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link> 42 instead. 43 + </para> 44 + </listitem> 45 + <listitem> 46 + <para> 47 + The EC2 image module no longer fetches instance metadata in 48 + stage-1. This results in a significantly smaller initramfs, 49 + since network drivers no longer need to be included, and 50 + faster boots, since metadata fetching can happen in parallel 51 + with startup of other services. This breaks services which 52 + rely on metadata being present by the time stage-2 is entered. 53 + Anything which reads EC2 metadata from 54 + <literal>/etc/ec2-metadata</literal> should now have an 55 + <literal>after</literal> dependency on 56 + <literal>fetch-ec2-metadata.service</literal> 57 + </para> 58 + </listitem> 59 + <listitem> 60 + <para> 61 + The EC2 image module previously detected and automatically 62 + mounted ext3-formatted instance store devices and partitions 63 + in stage-1 (initramfs), storing <literal>/tmp</literal> on the 64 + first discovered device. This behaviour, which only catered to 65 + very specific use cases and could not be disabled, has been 66 + removed. Users relying on this should provide their own 67 + implementation, and probably use ext4 and perform the mount in 68 + stage-2. 69 + </para> 70 + </listitem> 71 + <listitem> 72 + <para> 73 + The EC2 image module previously detected and activated 74 + swap-formatted instance store devices and partitions in 75 + stage-1 (initramfs). This behaviour has been removed. Users 76 + relying on this should provide their own implementation. 77 </para> 78 </listitem> 79 </itemizedlist>

+7

nixos/doc/manual/release-notes/rl-2305.section.md

··· 22 23 - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. 24 25 ## Other Notable Changes {#sec-release-23.05-notable-changes} 26 27

··· 22 23 - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. 24 25 + - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. 26 + This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` 27 + 28 + - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 29 + 30 + - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 31 + 32 ## Other Notable Changes {#sec-release-23.05-notable-changes} 33 34

+2 -7

nixos/maintainers/scripts/ec2/amazon-image.nix

··· 43 44 sizeMB = mkOption { 45 type = with types; either (enum [ "auto" ]) int; 46 - default = if config.ec2.hvm then 2048 else 8192; 47 example = 8192; 48 description = lib.mdDoc "The size in MB of the image"; 49 }; ··· 60 '' 61 { modulesPath, ... }: { 62 imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ]; 63 - ${optionalString config.ec2.hvm '' 64 - ec2.hvm = true; 65 - ''} 66 ${optionalString config.ec2.efi '' 67 ec2.efi = true; 68 ''} ··· 129 pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package 130 131 fsType = "ext4"; 132 - partitionTableType = if config.ec2.efi then "efi" 133 - else if config.ec2.hvm then "legacy+gpt" 134 - else "none"; 135 136 diskSize = cfg.sizeMB; 137

··· 43 44 sizeMB = mkOption { 45 type = with types; either (enum [ "auto" ]) int; 46 + default = 2048; 47 example = 8192; 48 description = lib.mdDoc "The size in MB of the image"; 49 }; ··· 60 '' 61 { modulesPath, ... }: { 62 imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ]; 63 ${optionalString config.ec2.efi '' 64 ec2.efi = true; 65 ''} ··· 126 pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package 127 128 fsType = "ext4"; 129 + partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt"; 130 131 diskSize = cfg.sizeMB; 132

+13 -82

nixos/modules/virtualisation/amazon-image.nix

··· 10 11 let 12 cfg = config.ec2; 13 - metadataFetcher = import ./ec2-metadata-fetcher.nix { 14 - inherit (pkgs) curl; 15 - targetRoot = "$targetRoot/"; 16 - wgetExtraOptions = "-q"; 17 - }; 18 in 19 20 { ··· 31 config = { 32 33 assertions = [ 34 - { assertion = cfg.hvm; 35 - message = "Paravirtualized EC2 instances are no longer supported."; 36 - } 37 - { assertion = cfg.efi -> cfg.hvm; 38 - message = "EC2 instances using EFI must be HVM instances."; 39 - } 40 { assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17"; 41 message = "ENA driver fails to build with kernel >= 5.17"; 42 } 43 ]; 44 45 - boot.growPartition = cfg.hvm; 46 47 fileSystems."/" = mkIf (!cfg.zfs.enable) { 48 device = "/dev/disk/by-label/nixos"; ··· 64 boot.extraModulePackages = [ 65 config.boot.kernelPackages.ena 66 ]; 67 - boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ]; 68 - boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ]; 69 - boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0,115200n8" "random.trust_cpu=on" ]; 70 71 # Prevent the nouveau kernel module from being loaded, as it 72 # interferes with the nvidia/nvidia-uvm modules needed for CUDA. ··· 74 # boot. 75 boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ]; 76 77 - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. 78 - boot.loader.grub.version = if cfg.hvm then 2 else 1; 79 - boot.loader.grub.device = if (cfg.hvm && !cfg.efi) then "/dev/xvda" else "nodev"; 80 - boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)"; 81 boot.loader.grub.efiSupport = cfg.efi; 82 boot.loader.grub.efiInstallAsRemovable = cfg.efi; 83 boot.loader.timeout = 1; ··· 87 terminal_input console serial 88 ''; 89 90 - boot.initrd.network.enable = true; 91 - 92 - # Mount all formatted ephemeral disks and activate all swap devices. 93 - # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options 94 - # because the set of devices is dependent on the instance type 95 - # (e.g. "m1.small" has one ephemeral filesystem and one swap device, 96 - # while "m1.large" has two ephemeral filesystems and no swap 97 - # devices). Also, put /tmp and /var on /disk0, since it has a lot 98 - # more space than the root device. Similarly, "move" /nix to /disk0 99 - # by layering a unionfs-fuse mount on top of it so we have a lot more space for 100 - # Nix operations. 101 - boot.initrd.postMountCommands = 102 - '' 103 - ${metadataFetcher} 104 - 105 - diskNr=0 106 - diskForUnionfs= 107 - for device in /dev/xvd[abcde]*; do 108 - if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi 109 - fsType=$(blkid -o value -s TYPE "$device" || true) 110 - if [ "$fsType" = swap ]; then 111 - echo "activating swap device $device..." 112 - swapon "$device" || true 113 - elif [ "$fsType" = ext3 ]; then 114 - mp="/disk$diskNr" 115 - diskNr=$((diskNr + 1)) 116 - if mountFS "$device" "$mp" "" ext3; then 117 - if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi 118 - fi 119 - else 120 - echo "skipping unknown device type $device" 121 - fi 122 - done 123 - 124 - if [ -n "$diskForUnionfs" ]; then 125 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root 126 - 127 - mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp 128 - mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp 129 - 130 - if [ "$(cat "$metaDir/ami-manifest-path")" != "(unknown)" ]; then 131 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var 132 - mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var 133 - 134 - mkdir -p /unionfs-chroot/ro-nix 135 - mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix 136 - 137 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix 138 - mkdir -p /unionfs-chroot/rw-nix 139 - mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix 140 - 141 - unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix 142 - fi 143 - fi 144 - ''; 145 - 146 - boot.initrd.extraUtilsCommands = 147 - '' 148 - # We need swapon in the initrd. 149 - copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon 150 - ''; 151 152 # Allow root logins only using the SSH key that the user specified 153 # at instance creation time. ··· 165 166 # Always include cryptsetup so that Charon can use it. 167 environment.systemPackages = [ pkgs.cryptsetup ]; 168 - 169 - boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; 170 171 # EC2 has its own NTP server provided by the hypervisor 172 networking.timeServers = [ "169.254.169.123" ];

··· 10 11 let 12 cfg = config.ec2; 13 in 14 15 { ··· 26 config = { 27 28 assertions = [ 29 { assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17"; 30 message = "ENA driver fails to build with kernel >= 5.17"; 31 } 32 ]; 33 34 + boot.growPartition = true; 35 36 fileSystems."/" = mkIf (!cfg.zfs.enable) { 37 device = "/dev/disk/by-label/nixos"; ··· 53 boot.extraModulePackages = [ 54 config.boot.kernelPackages.ena 55 ]; 56 + boot.initrd.kernelModules = [ "xen-blkfront" ]; 57 + boot.initrd.availableKernelModules = [ "nvme" ]; 58 + boot.kernelParams = [ "console=ttyS0,115200n8" "random.trust_cpu=on" ]; 59 60 # Prevent the nouveau kernel module from being loaded, as it 61 # interferes with the nvidia/nvidia-uvm modules needed for CUDA. ··· 63 # boot. 64 boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ]; 65 66 + boot.loader.grub.device = if cfg.efi then "nodev" else "/dev/xvda"; 67 boot.loader.grub.efiSupport = cfg.efi; 68 boot.loader.grub.efiInstallAsRemovable = cfg.efi; 69 boot.loader.timeout = 1; ··· 73 terminal_input console serial 74 ''; 75 76 + systemd.services.fetch-ec2-metadata = { 77 + wantedBy = [ "multi-user.target" ]; 78 + after = ["network-online.target"]; 79 + path = [ pkgs.curl ]; 80 + script = builtins.readFile ./ec2-metadata-fetcher.sh; 81 + serviceConfig.Type = "oneshot"; 82 + serviceConfig.StandardOutput = "journal+console"; 83 + }; 84 85 # Allow root logins only using the SSH key that the user specified 86 # at instance creation time. ··· 98 99 # Always include cryptsetup so that Charon can use it. 100 environment.systemPackages = [ pkgs.cryptsetup ]; 101 102 # EC2 has its own NTP server provided by the hypervisor 103 networking.timeServers = [ "169.254.169.123" ];

+3 -7

nixos/modules/virtualisation/amazon-options.nix

··· 2 let 3 inherit (lib) literalExpression types; 4 in { 5 options = { 6 ec2 = { 7 zfs = { ··· 40 }; 41 }); 42 }; 43 - }; 44 - hvm = lib.mkOption { 45 - default = lib.versionAtLeast config.system.stateVersion "17.03"; 46 - internal = true; 47 - description = lib.mdDoc '' 48 - Whether the EC2 instance is a HVM instance. 49 - ''; 50 }; 51 efi = lib.mkOption { 52 default = pkgs.stdenv.hostPlatform.isAarch64;

··· 2 let 3 inherit (lib) literalExpression types; 4 in { 5 + imports = [ 6 + (lib.mkRemovedOptionModule [ "ec2" "hvm" ] "Only HVM instances are supported, so specifying it is no longer necessary.") 7 + ]; 8 options = { 9 ec2 = { 10 zfs = { ··· 43 }; 44 }); 45 }; 46 }; 47 efi = lib.mkOption { 48 default = pkgs.stdenv.hostPlatform.isAarch64;

+1

nixos/modules/virtualisation/ec2-data.nix

··· 18 19 wantedBy = [ "multi-user.target" "sshd.service" ]; 20 before = [ "sshd.service" ]; 21 22 path = [ pkgs.iproute2 ]; 23

··· 18 19 wantedBy = [ "multi-user.target" "sshd.service" ]; 20 before = [ "sshd.service" ]; 21 + after = ["fetch-ec2-metadata.service"]; 22 23 path = [ pkgs.iproute2 ]; 24

-77

nixos/modules/virtualisation/ec2-metadata-fetcher.nix

··· 1 - { curl, targetRoot, wgetExtraOptions }: 2 - # Note: be very cautious about dependencies, each dependency grows 3 - # the closure of the initrd. Ideally we would not even require curl, 4 - # but there is no reasonable way to send an HTTP PUT request without 5 - # it. Note: do not be fooled: the wget referenced in this script 6 - # is busybox's wget, not the fully featured one with --method support. 7 - # 8 - # Make sure that every package you depend on here is already listed as 9 - # a channel blocker for both the full-sized and small channels. 10 - # Otherwise, we risk breaking user deploys in released channels. 11 - # 12 - # Also note: OpenStack's metadata service for its instances aims to be 13 - # compatible with the EC2 IMDS. Where possible, try to keep the set of 14 - # fetched metadata in sync with ./openstack-metadata-fetcher.nix . 15 - '' 16 - metaDir=${targetRoot}etc/ec2-metadata 17 - mkdir -m 0755 -p "$metaDir" 18 - rm -f "$metaDir/*" 19 - 20 - get_imds_token() { 21 - # retry-delay of 1 selected to give the system a second to get going, 22 - # but not add a lot to the bootup time 23 - ${curl}/bin/curl \ 24 - -v \ 25 - --retry 3 \ 26 - --retry-delay 1 \ 27 - --fail \ 28 - -X PUT \ 29 - --connect-timeout 1 \ 30 - -H "X-aws-ec2-metadata-token-ttl-seconds: 600" \ 31 - http://169.254.169.254/latest/api/token 32 - } 33 - 34 - preflight_imds_token() { 35 - # retry-delay of 1 selected to give the system a second to get going, 36 - # but not add a lot to the bootup time 37 - ${curl}/bin/curl \ 38 - -v \ 39 - --retry 3 \ 40 - --retry-delay 1 \ 41 - --fail \ 42 - --connect-timeout 1 \ 43 - -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \ 44 - http://169.254.169.254/1.0/meta-data/instance-id 45 - } 46 - 47 - try=1 48 - while [ $try -le 3 ]; do 49 - echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..." 50 - IMDS_TOKEN=$(get_imds_token) && break 51 - try=$((try + 1)) 52 - sleep 1 53 - done 54 - 55 - if [ "x$IMDS_TOKEN" == "x" ]; then 56 - echo "failed to fetch an IMDS2v token." 57 - fi 58 - 59 - try=1 60 - while [ $try -le 10 ]; do 61 - echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..." 62 - preflight_imds_token && break 63 - try=$((try + 1)) 64 - sleep 1 65 - done 66 - 67 - echo "getting EC2 instance metadata..." 68 - 69 - wget_imds() { 70 - wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@"; 71 - } 72 - 73 - wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path 74 - (umask 077 && wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data) 75 - wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname 76 - wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key 77 - ''

···

+67

nixos/modules/virtualisation/ec2-metadata-fetcher.sh

···

··· 1 + metaDir=/etc/ec2-metadata 2 + mkdir -m 0755 -p "$metaDir" 3 + rm -f "$metaDir/*" 4 + 5 + get_imds_token() { 6 + # retry-delay of 1 selected to give the system a second to get going, 7 + # but not add a lot to the bootup time 8 + curl \ 9 + --silent \ 10 + --show-error \ 11 + --retry 3 \ 12 + --retry-delay 1 \ 13 + --fail \ 14 + -X PUT \ 15 + --connect-timeout 1 \ 16 + -H "X-aws-ec2-metadata-token-ttl-seconds: 600" \ 17 + http://169.254.169.254/latest/api/token 18 + } 19 + 20 + preflight_imds_token() { 21 + # retry-delay of 1 selected to give the system a second to get going, 22 + # but not add a lot to the bootup time 23 + curl \ 24 + --silent \ 25 + --show-error \ 26 + --retry 3 \ 27 + --retry-delay 1 \ 28 + --fail \ 29 + --connect-timeout 1 \ 30 + -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \ 31 + -o /dev/null \ 32 + http://169.254.169.254/1.0/meta-data/instance-id 33 + } 34 + 35 + try=1 36 + while [ $try -le 3 ]; do 37 + echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..." 38 + IMDS_TOKEN=$(get_imds_token) && break 39 + try=$((try + 1)) 40 + sleep 1 41 + done 42 + 43 + if [ "x$IMDS_TOKEN" == "x" ]; then 44 + echo "failed to fetch an IMDS2v token." 45 + fi 46 + 47 + try=1 48 + while [ $try -le 10 ]; do 49 + echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..." 50 + preflight_imds_token && break 51 + try=$((try + 1)) 52 + sleep 1 53 + done 54 + 55 + echo "getting EC2 instance metadata..." 56 + 57 + get_imds() { 58 + # Intentionally no --fail here, so that we proceed even if e.g. a 59 + # 404 was returned (but we still fail if we can't reach the IMDS 60 + # server). 61 + curl --silent --show-error --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@" 62 + } 63 + 64 + get_imds -o "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path 65 + (umask 077 && get_imds -o "$metaDir/user-data" http://169.254.169.254/1.0/user-data) 66 + get_imds -o "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname 67 + get_imds -o "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key

+1 -1

nixos/tests/all-tests.nix

··· 480 pam-u2f = handleTest ./pam/pam-u2f.nix {}; 481 pam-ussh = handleTest ./pam/pam-ussh.nix {}; 482 pass-secret-service = handleTest ./pass-secret-service.nix {}; 483 - patroni = handleTest ./patroni.nix {}; 484 pantalaimon = handleTest ./matrix/pantalaimon.nix {}; 485 pantheon = handleTest ./pantheon.nix {}; 486 paperless = handleTest ./paperless.nix {};

··· 480 pam-u2f = handleTest ./pam/pam-u2f.nix {}; 481 pam-ussh = handleTest ./pam/pam-ussh.nix {}; 482 pass-secret-service = handleTest ./pass-secret-service.nix {}; 483 + patroni = handleTestOn ["x86_64-linux"] ./patroni.nix {}; 484 pantalaimon = handleTest ./matrix/pantalaimon.nix {}; 485 pantheon = handleTest ./pantheon.nix {}; 486 paperless = handleTest ./paperless.nix {};

-2

nixos/tests/ec2.nix

··· 16 ../modules/testing/test-instrumentation.nix 17 ../modules/profiles/qemu-guest.nix 18 { 19 - ec2.hvm = true; 20 - 21 # Hack to make the partition resizing work in QEMU. 22 boot.initrd.postDeviceCommands = mkBefore '' 23 ln -s vda /dev/xvda

··· 16 ../modules/testing/test-instrumentation.nix 17 ../modules/profiles/qemu-guest.nix 18 { 19 # Hack to make the partition resizing work in QEMU. 20 boot.initrd.postDeviceCommands = mkBefore '' 21 ln -s vda /dev/xvda

+2

nixos/tests/patroni.nix

··· 166 167 start_all() 168 169 with subtest("should bootstrap a new patroni cluster"): 170 wait_for_all_nodes_ready() 171

··· 166 167 start_all() 168 169 + etcd.wait_for_unit("etcd.service") 170 + 171 with subtest("should bootstrap a new patroni cluster"): 172 wait_for_all_nodes_ready() 173

+8 -6

pkgs/applications/editors/emacs/generic.nix

··· 144 ++ lib.optionals stdenv.isLinux [ dbus libselinux alsa-lib acl gpm ] 145 ++ lib.optionals withSystemd [ systemd ] 146 ++ lib.optionals withX 147 - [ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg giflib libtiff libXft 148 - gconf cairo ] 149 - ++ lib.optionals (withX || withNS) [ librsvg ] 150 ++ lib.optionals withImageMagick [ imagemagick ] 151 ++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ] 152 ++ lib.optional (withX && withGTK2) gtk2-x11 ··· 178 then [ "--disable-ns-self-contained" ] 179 else if withX 180 then [ "--with-x-toolkit=${toolkit}" "--with-xft" "--with-cairo" ] 181 - else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" 182 - "--with-gif=no" "--with-tiff=no" ]) 183 ++ lib.optionals withMacport [ 184 "--with-mac" 185 "--enable-mac-app=$$out/Applications" ··· 189 ++ lib.optional withXwidgets "--with-xwidgets" 190 ++ lib.optional nativeComp "--with-native-compilation" 191 ++ lib.optional withImageMagick "--with-imagemagick" 192 - ++ lib.optional withPgtk "--with-pgtk" 193 ++ lib.optional withXinput2 "--with-xinput2" 194 ++ lib.optional (!withToolkitScrollBars) "--without-toolkit-scroll-bars" 195 ;

··· 144 ++ lib.optionals stdenv.isLinux [ dbus libselinux alsa-lib acl gpm ] 145 ++ lib.optionals withSystemd [ systemd ] 146 ++ lib.optionals withX 147 + [ xlibsWrapper libXaw Xaw3d gconf cairo ] 148 + ++ lib.optionals (withX || withPgtk) 149 + [ libXpm libpng libjpeg giflib libtiff ] 150 + ++ lib.optionals (withX || withNS || withPgtk ) [ librsvg ] 151 ++ lib.optionals withImageMagick [ imagemagick ] 152 ++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ] 153 ++ lib.optional (withX && withGTK2) gtk2-x11 ··· 179 then [ "--disable-ns-self-contained" ] 180 else if withX 181 then [ "--with-x-toolkit=${toolkit}" "--with-xft" "--with-cairo" ] 182 + else if withPgtk 183 + then [ "--with-pgtk" ] 184 + else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" 185 + "--with-gif=no" "--with-tiff=no" ]) 186 ++ lib.optionals withMacport [ 187 "--with-mac" 188 "--enable-mac-app=$$out/Applications" ··· 192 ++ lib.optional withXwidgets "--with-xwidgets" 193 ++ lib.optional nativeComp "--with-native-compilation" 194 ++ lib.optional withImageMagick "--with-imagemagick" 195 ++ lib.optional withXinput2 "--with-xinput2" 196 ++ lib.optional (!withToolkitScrollBars) "--without-toolkit-scroll-bars" 197 ;

+6 -6

pkgs/applications/networking/browsers/chromium/upstream-info.json

··· 32 } 33 }, 34 "dev": { 35 - "version": "109.0.5410.0", 36 - "sha256": "00g8q0qzl8kyc9j60nsvvjkr2x9js2xvbkmwp77p8b6gg0pyymjn", 37 - "sha256bin64": "0ljhc5lqdy01apzyj96xzl931d904i37x62257s1h35w0j78mps0", 38 "deps": { 39 "gn": { 40 - "version": "2022-10-28", 41 "url": "https://gn.googlesource.com/gn", 42 - "rev": "a4d67be044b42963de801001e7146f9657c7fad4", 43 - "sha256": "0wikkkx503ip5xr72bz6d6sh2k50h5wlz9y8vmasvnrz9kjmlv5b" 44 } 45 } 46 },

··· 32 } 33 }, 34 "dev": { 35 + "version": "109.0.5414.10", 36 + "sha256": "05yhfb5gznllh9rm6jhzaakj5kvdlxa8c4zqml10h297dbyr44bf", 37 + "sha256bin64": "01fzjxrgzhccj75gvqj5w2xhqrphwzycdfqbsd6nc5p08jizpvy0", 38 "deps": { 39 "gn": { 40 + "version": "2022-11-10", 41 "url": "https://gn.googlesource.com/gn", 42 + "rev": "1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41", 43 + "sha256": "02621c9nqpr4pwcapy31x36l5kbyd0vdgd0wdaxj5p8hrxk67d6b" 44 } 45 } 46 },

+3 -1

pkgs/applications/radio/csdr/default.nix

··· 23 libsamplerate 24 ]; 25 26 postFixup = '' 27 substituteInPlace "$out"/lib/pkgconfig/csdr.pc \ 28 --replace '=''${prefix}//' '=/' \ ··· 30 ''; 31 32 meta = with lib; { 33 - broken = stdenv.isDarwin; 34 homepage = "https://github.com/jketterl/csdr"; 35 description = "A simple DSP library and command-line tool for Software Defined Radio"; 36 license = licenses.gpl3Only; 37 platforms = platforms.unix; 38 maintainers = teams.c3d2.members; 39 }; 40 }

··· 23 libsamplerate 24 ]; 25 26 + hardeningDisable = lib.optional stdenv.isAarch64 "format"; 27 + 28 postFixup = '' 29 substituteInPlace "$out"/lib/pkgconfig/csdr.pc \ 30 --replace '=''${prefix}//' '=/' \ ··· 32 ''; 33 34 meta = with lib; { 35 homepage = "https://github.com/jketterl/csdr"; 36 description = "A simple DSP library and command-line tool for Software Defined Radio"; 37 license = licenses.gpl3Only; 38 platforms = platforms.unix; 39 + broken = stdenv.isDarwin; 40 maintainers = teams.c3d2.members; 41 }; 42 }

+15 -4

pkgs/development/compilers/mit-scheme/default.nix

··· 1 - { fetchurl, lib, stdenv, makeWrapper, gnum4, texinfo, texLive, automake, 2 - autoconf, libtool, ghostscript, ncurses, 3 - enableX11 ? false, xlibsWrapper }: 4 5 let 6 version = "11.2"; ··· 29 sha256 = "17822hs9y07vcviv2af17p3va7qh79dird49nj50bwi9rz64ia3w"; 30 }; 31 32 - buildInputs = [ ncurses ] ++ lib.optional enableX11 xlibsWrapper; 33 34 configurePhase = '' 35 runHook preConfigure

··· 1 + { fetchurl 2 + , lib 3 + , stdenv 4 + , makeWrapper 5 + , gnum4 6 + , texinfo 7 + , texLive 8 + , automake 9 + , autoconf 10 + , libtool 11 + , ghostscript 12 + , ncurses 13 + , enableX11 ? false, libX11 14 + }: 15 16 let 17 version = "11.2"; ··· 40 sha256 = "17822hs9y07vcviv2af17p3va7qh79dird49nj50bwi9rz64ia3w"; 41 }; 42 43 + buildInputs = [ ncurses ] ++ lib.optionals enableX11 [ libX11 ]; 44 45 configurePhase = '' 46 runHook preConfigure

+2 -2

pkgs/development/libraries/science/astronomy/cfitsio/default.nix

··· 2 3 stdenv.mkDerivation rec { 4 pname = "cfitsio"; 5 - version = "4.1.0"; 6 7 src = fetchurl { 8 url = "https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio-${version}.tar.gz"; 9 - sha256 = "sha256-s2fGldKDGVjnFmkhw7NW1d+lGx7O5QW5dBa6OdG2wXo="; 10 }; 11 12 buildInputs = [ bzip2 zlib ];

··· 2 3 stdenv.mkDerivation rec { 4 pname = "cfitsio"; 5 + version = "4.2.0"; 6 7 src = fetchurl { 8 url = "https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio-${version}.tar.gz"; 9 + sha256 = "sha256-66U9Gz9uNFYyuwmnt1LsfO09Y+xRU6hIOA84gMXWGIk="; 10 }; 11 12 buildInputs = [ bzip2 zlib ];

+4 -3

pkgs/development/python-modules/aiocoap/default.nix

··· 8 9 buildPythonPackage rec { 10 pname = "aiocoap"; 11 - version = "0.4.4"; 12 format = "setuptools"; 13 14 disabled = pythonOlder "3.7"; ··· 16 src = fetchFromGitHub { 17 owner = "chrysn"; 18 repo = pname; 19 - rev = version; 20 - sha256 = "sha256-m/tU1qf+CB9/2eoXktpBSgwjj8lMuMQ/WGYL6HhMNxA="; 21 }; 22 23 propagatedBuildInputs = [ ··· 47 meta = with lib; { 48 description = "Python CoAP library"; 49 homepage = "https://aiocoap.readthedocs.io/"; 50 license = with licenses; [ mit ]; 51 maintainers = with maintainers; [ fab ]; 52 };

··· 8 9 buildPythonPackage rec { 10 pname = "aiocoap"; 11 + version = "0.4.5"; 12 format = "setuptools"; 13 14 disabled = pythonOlder "3.7"; ··· 16 src = fetchFromGitHub { 17 owner = "chrysn"; 18 repo = pname; 19 + rev = "refs/tags/${version}"; 20 + hash = "sha256-t2yfWWfkJmOr14XdLsIV48HMgVRaEnUO4IG2jQHbKWA="; 21 }; 22 23 propagatedBuildInputs = [ ··· 47 meta = with lib; { 48 description = "Python CoAP library"; 49 homepage = "https://aiocoap.readthedocs.io/"; 50 + changelog = "https://github.com/chrysn/aiocoap/blob/${version}/NEWS"; 51 license = with licenses; [ mit ]; 52 maintainers = with maintainers; [ fab ]; 53 };

+3 -2

pkgs/development/python-modules/aiohomekit/default.nix

··· 18 19 buildPythonPackage rec { 20 pname = "aiohomekit"; 21 - version = "2.3.0"; 22 format = "pyproject"; 23 24 disabled = pythonOlder "3.9"; ··· 27 owner = "Jc2k"; 28 repo = pname; 29 rev = "refs/tags/${version}"; 30 - hash = "sha256-dX3yz7b3fejLFtlk5CKBQzk+o9FpLtxyZYt5SaybBJM="; 31 }; 32 33 nativeBuildInputs = [ ··· 69 Homekit accessories. 70 ''; 71 homepage = "https://github.com/Jc2k/aiohomekit"; 72 license = with licenses; [ asl20 ]; 73 maintainers = with maintainers; [ fab ]; 74 };

··· 18 19 buildPythonPackage rec { 20 pname = "aiohomekit"; 21 + version = "2.3.1"; 22 format = "pyproject"; 23 24 disabled = pythonOlder "3.9"; ··· 27 owner = "Jc2k"; 28 repo = pname; 29 rev = "refs/tags/${version}"; 30 + hash = "sha256-jkLbCx9F7bDg2wIiEVGkaFPOYg5CROp5lfR8ZGvkKhY="; 31 }; 32 33 nativeBuildInputs = [ ··· 69 Homekit accessories. 70 ''; 71 homepage = "https://github.com/Jc2k/aiohomekit"; 72 + changelog = "https://github.com/Jc2k/aiohomekit/releases/tag/${version}"; 73 license = with licenses; [ asl20 ]; 74 maintainers = with maintainers; [ fab ]; 75 };

+4 -3

pkgs/development/python-modules/griffe/default.nix

··· 12 13 buildPythonPackage rec { 14 pname = "griffe"; 15 - version = "0.24.0"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.7"; ··· 20 src = fetchFromGitHub { 21 owner = "mkdocstrings"; 22 repo = pname; 23 - rev = version; 24 - hash = "sha256-Gcht9pmh15dvSHRsG9y82l4HoJ7l/gxbmrRh7Jow2Bs="; 25 }; 26 27 postPatch = '' ··· 59 meta = with lib; { 60 description = "Signatures for entire Python programs"; 61 homepage = "https://github.com/mkdocstrings/griffe"; 62 license = licenses.isc; 63 maintainers = with maintainers; [ fab ]; 64 };

··· 12 13 buildPythonPackage rec { 14 pname = "griffe"; 15 + version = "0.24.1"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.7"; ··· 20 src = fetchFromGitHub { 21 owner = "mkdocstrings"; 22 repo = pname; 23 + rev = "refs/tags/${version}"; 24 + hash = "sha256-HOjwm/IktllmD7Gg9bu8NZqe2RazFC5MNMgH3cld6/8="; 25 }; 26 27 postPatch = '' ··· 59 meta = with lib; { 60 description = "Signatures for entire Python programs"; 61 homepage = "https://github.com/mkdocstrings/griffe"; 62 + changelog = "https://github.com/mkdocstrings/griffe/blob/${version}/CHANGELOG.md"; 63 license = licenses.isc; 64 maintainers = with maintainers; [ fab ]; 65 };

+48

pkgs/development/python-modules/masky/default.nix

···

··· 1 + { lib 2 + , asn1crypto 3 + , buildPythonPackage 4 + , colorama 5 + , cryptography 6 + , fetchFromGitHub 7 + , impacket 8 + , pyasn1 9 + , pythonOlder 10 + }: 11 + 12 + buildPythonPackage rec { 13 + pname = "masky"; 14 + version = "0.1.1"; 15 + format = "setuptools"; 16 + 17 + disabled = pythonOlder "3.7"; 18 + 19 + src = fetchFromGitHub { 20 + owner = "Z4kSec"; 21 + repo = "Masky"; 22 + rev = "refs/tags/v${version}"; 23 + hash = "sha256-uxq4SBudxFbBiV3Cu+oBRKezIWf5p+8VJlIIqQjtSXA="; 24 + }; 25 + 26 + propagatedBuildInputs = [ 27 + asn1crypto 28 + colorama 29 + cryptography 30 + impacket 31 + pyasn1 32 + ]; 33 + 34 + # Module has no tests 35 + doCheck = false; 36 + 37 + pythonImportsCheck = [ 38 + "masky" 39 + ]; 40 + 41 + meta = with lib; { 42 + description = "Library to remotely dump domain credentials"; 43 + homepage = "https://github.com/Z4kSec/Masky"; 44 + changelog = "https://github.com/Z4kSec/Masky/releases/tag/v${version}"; 45 + license = licenses.mit; 46 + maintainers = with maintainers; [ elasticdog ]; 47 + }; 48 + }

+5 -2

pkgs/development/python-modules/meshtastic/default.nix

··· 18 19 buildPythonPackage rec { 20 pname = "meshtastic"; 21 - version = "2.0.3"; 22 format = "setuptools"; 23 24 disabled = pythonOlder "3.7"; ··· 27 owner = "meshtastic"; 28 repo = "Meshtastic-python"; 29 rev = "refs/tags/${version}"; 30 - hash = "sha256-h8OuDmm9I8lElhAGSpPx8sPUTY+EnFp2VXOYrYjiYNk="; 31 }; 32 33 propagatedBuildInputs = [ ··· 98 "test_watchGPIOs" 99 "test_writeConfig_with_no_radioConfig" 100 "test_writeGPIOs" 101 ]; 102 103 meta = with lib; { 104 description = "Python API for talking to Meshtastic devices"; 105 homepage = "https://github.com/meshtastic/Meshtastic-python"; 106 license = with licenses; [ asl20 ]; 107 maintainers = with maintainers; [ fab ]; 108 };

··· 18 19 buildPythonPackage rec { 20 pname = "meshtastic"; 21 + version = "2.0.4"; 22 format = "setuptools"; 23 24 disabled = pythonOlder "3.7"; ··· 27 owner = "meshtastic"; 28 repo = "Meshtastic-python"; 29 rev = "refs/tags/${version}"; 30 + hash = "sha256-WPmoK/5pTVv9ueRnR6Gxtj86LM8ChB0dMfEvo+lLmy0="; 31 }; 32 33 propagatedBuildInputs = [ ··· 98 "test_watchGPIOs" 99 "test_writeConfig_with_no_radioConfig" 100 "test_writeGPIOs" 101 + "test_reboot" 102 + "test_shutdown" 103 ]; 104 105 meta = with lib; { 106 description = "Python API for talking to Meshtastic devices"; 107 homepage = "https://github.com/meshtastic/Meshtastic-python"; 108 + changelog = "https://github.com/meshtastic/python/releases/tag/${version}"; 109 license = with licenses; [ asl20 ]; 110 maintainers = with maintainers; [ fab ]; 111 };

+21 -5

pkgs/development/python-modules/ntlm-auth/default.nix

··· 4 , fetchFromGitHub 5 , mock 6 , pytestCheckHook 7 , requests 8 - , six 9 }: 10 11 buildPythonPackage rec { 12 pname = "ntlm-auth"; 13 version = "1.5.0"; 14 15 src = fetchFromGitHub { 16 owner = "jborean93"; 17 repo = "ntlm-auth"; 18 rev = "v${version}"; 19 - sha256 = "00dpf5bfsy07frsjihv1k10zmwcyq4bvkilbxha7h6nlwpcm2409"; 20 }; 21 22 propagatedBuildInputs = [ 23 cryptography 24 - six 25 ]; 26 27 checkInputs = [ ··· 30 requests 31 ]; 32 33 - pythonImportsCheck = [ "ntlm_auth" ]; 34 35 meta = with lib; { 36 description = "Calculates NTLM Authentication codes"; 37 homepage = "https://github.com/jborean93/ntlm-auth"; 38 license = licenses.mit; 39 maintainers = with maintainers; [ elasticdog ]; 40 - platforms = platforms.all; 41 }; 42 }

··· 4 , fetchFromGitHub 5 , mock 6 , pytestCheckHook 7 + , pythonOlder 8 , requests 9 }: 10 11 buildPythonPackage rec { 12 pname = "ntlm-auth"; 13 version = "1.5.0"; 14 + format = "setuptools"; 15 + 16 + disabled = pythonOlder "3.7"; 17 18 src = fetchFromGitHub { 19 owner = "jborean93"; 20 repo = "ntlm-auth"; 21 rev = "v${version}"; 22 + hash = "sha256-CRBR2eXUGngU7IvGuRfBnvH6QZhhwyh1dgd47VZxtwE="; 23 }; 24 25 propagatedBuildInputs = [ 26 cryptography 27 ]; 28 29 checkInputs = [ ··· 32 requests 33 ]; 34 35 + pythonImportsCheck = [ 36 + "ntlm_auth" 37 + ]; 38 + 39 + disabledTests = [ 40 + # Tests are outdated as module will be replaced by pyspnego 41 + "test_authenticate_message" 42 + "test_authenticate_without_domain_workstation" 43 + "test_create_authenticate_message" 44 + "test_get_" 45 + "test_lm_v" 46 + "test_nt_" 47 + "test_ntlm_context" 48 + "test_ntowfv" 49 + ]; 50 51 meta = with lib; { 52 description = "Calculates NTLM Authentication codes"; 53 homepage = "https://github.com/jborean93/ntlm-auth"; 54 + changelog = "https://github.com/jborean93/ntlm-auth/releases/tag/v${version}"; 55 license = licenses.mit; 56 maintainers = with maintainers; [ elasticdog ]; 57 }; 58 }

+3 -2

pkgs/development/python-modules/pytenable/default.nix

··· 20 21 buildPythonPackage rec { 22 pname = "pytenable"; 23 - version = "1.4.9"; 24 format = "setuptools"; 25 26 disabled = pythonOlder "3.7"; ··· 29 owner = "tenable"; 30 repo = "pyTenable"; 31 rev = "refs/tags/${version}"; 32 - hash = "sha256-Cj1/f/e+j5CJMl+afF+HStd419Uh053jKk/vmObaBl8="; 33 }; 34 35 propagatedBuildInputs = [ ··· 70 meta = with lib; { 71 description = "Python library for the Tenable.io and TenableSC API"; 72 homepage = "https://github.com/tenable/pyTenable"; 73 license = with licenses; [ mit ]; 74 maintainers = with maintainers; [ fab ]; 75 };

··· 20 21 buildPythonPackage rec { 22 pname = "pytenable"; 23 + version = "1.4.10"; 24 format = "setuptools"; 25 26 disabled = pythonOlder "3.7"; ··· 29 owner = "tenable"; 30 repo = "pyTenable"; 31 rev = "refs/tags/${version}"; 32 + hash = "sha256-BNPfoKXDLUckj/yg1Gz806CS5CyjWvc/Hy/NwnuWfo0="; 33 }; 34 35 propagatedBuildInputs = [ ··· 70 meta = with lib; { 71 description = "Python library for the Tenable.io and TenableSC API"; 72 homepage = "https://github.com/tenable/pyTenable"; 73 + changelog = "https://github.com/tenable/pyTenable/releases/tag/${version}"; 74 license = with licenses; [ mit ]; 75 maintainers = with maintainers; [ fab ]; 76 };

+3 -2

pkgs/development/python-modules/sensor-state-data/default.nix

··· 10 11 buildPythonPackage rec { 12 pname = "sensor-state-data"; 13 - version = "2.12.0"; 14 format = "pyproject"; 15 16 disabled = pythonOlder "3.9"; ··· 19 owner = "Bluetooth-Devices"; 20 repo = pname; 21 rev = "refs/tags/v${version}"; 22 - hash = "sha256-u17vtw3yu8ibi/omTriy6s33/243WjxM03Nss3pFAYk="; 23 }; 24 25 nativeBuildInputs = [ ··· 42 meta = with lib; { 43 description = "Models for storing and converting Sensor Data state"; 44 homepage = "https://github.com/bluetooth-devices/sensor-state-data"; 45 license = with licenses; [ asl20 ]; 46 maintainers = with maintainers; [ fab ]; 47 };

··· 10 11 buildPythonPackage rec { 12 pname = "sensor-state-data"; 13 + version = "2.12.1"; 14 format = "pyproject"; 15 16 disabled = pythonOlder "3.9"; ··· 19 owner = "Bluetooth-Devices"; 20 repo = pname; 21 rev = "refs/tags/v${version}"; 22 + hash = "sha256-Ycn62qQ+IMqtuuE/wJPUDlyTiklu2WYrGD+wVXssRFg="; 23 }; 24 25 nativeBuildInputs = [ ··· 42 meta = with lib; { 43 description = "Models for storing and converting Sensor Data state"; 44 homepage = "https://github.com/bluetooth-devices/sensor-state-data"; 45 + changelog = "https://github.com/Bluetooth-Devices/sensor-state-data/releases/tag/v${version}"; 46 license = with licenses; [ asl20 ]; 47 maintainers = with maintainers; [ fab ]; 48 };

+5 -5

pkgs/servers/etcd/3.5.nix

··· 1 { lib, buildGoModule, fetchFromGitHub, symlinkJoin }: 2 3 let 4 - version = "3.5.5"; 5 6 src = fetchFromGitHub { 7 owner = "etcd-io"; 8 repo = "etcd"; 9 rev = "v${version}"; 10 - sha256 = "sha256-V10aeYwr1ZS990lYZELJjq8NX7cBs0bzlYYzoYWS3zQ="; 11 }; 12 13 CGO_ENABLED = 0; ··· 25 26 inherit CGO_ENABLED meta src version; 27 28 - vendorSha256 = "sha256-BTIrLgUXnV+0d0DTKE3TvvW2JH4oSE+SnJs+yfH26Ms="; 29 30 modRoot = "./server"; 31 ··· 45 46 inherit CGO_ENABLED meta src version; 47 48 - vendorSha256 = "sha256-yUgrKIjCtYTLmdZe1p9Rx9MUZzqOAmNF4tUckJgF8Ks="; 49 50 modRoot = "./etcdutl"; 51 }; ··· 55 56 inherit CGO_ENABLED meta src version; 57 58 - vendorSha256 = "sha256-qT8OJg4aTzz0p0s6yhmDYcfJ0p9KNbnlRbOCfOao0vk="; 59 60 modRoot = "./etcdctl"; 61 };

··· 1 { lib, buildGoModule, fetchFromGitHub, symlinkJoin }: 2 3 let 4 + version = "3.5.6"; 5 6 src = fetchFromGitHub { 7 owner = "etcd-io"; 8 repo = "etcd"; 9 rev = "v${version}"; 10 + sha256 = "sha256-KQ3N6HBgdLnS/8UprT99gH9ttsy2cgfaWSL/ILX6t1A="; 11 }; 12 13 CGO_ENABLED = 0; ··· 25 26 inherit CGO_ENABLED meta src version; 27 28 + vendorSha256 = "sha256-u4N8YXmnVk5flPimdE4olr/1hVZoEDEgUwXRRTlX51o="; 29 30 modRoot = "./server"; 31 ··· 45 46 inherit CGO_ENABLED meta src version; 47 48 + vendorSha256 = "sha256-J4qW2Dzpwk85XW3oWvT1F5ec/jzkcLbTC+1CMBztWRw="; 49 50 modRoot = "./etcdutl"; 51 }; ··· 55 56 inherit CGO_ENABLED meta src version; 57 58 + vendorSha256 = "sha256-+5zWXVErkFAvtkpNQtKn/jLOGUdHkXgeZWI7/RIMgMQ="; 59 60 modRoot = "./etcdctl"; 61 };

+5 -4

pkgs/tools/networking/chaos/default.nix

··· 5 6 buildGoModule rec { 7 pname = "chaos"; 8 - version = "0.3.0"; 9 10 src = fetchFromGitHub { 11 owner = "projectdiscovery"; 12 repo = "chaos-client"; 13 - rev = "v${version}"; 14 - sha256 = "sha256-1bmKIBbsZHNzwFZ0iPshXclCTcQMzU7zRs5MjMhTFYU="; 15 }; 16 17 - vendorSha256 = "sha256-2QOdqX4JX9A/i1+qqemVq47PQfqDnxkj0EQMzK8k8/E="; 18 19 subPackages = [ 20 "cmd/chaos/" ··· 23 meta = with lib; { 24 description = "Tool to communicate with Chaos DNS API"; 25 homepage = "https://github.com/projectdiscovery/chaos-client"; 26 license = licenses.mit; 27 maintainers = with maintainers; [ fab ]; 28 };

··· 5 6 buildGoModule rec { 7 pname = "chaos"; 8 + version = "0.4.0"; 9 10 src = fetchFromGitHub { 11 owner = "projectdiscovery"; 12 repo = "chaos-client"; 13 + rev = "refs/tags/v${version}"; 14 + hash = "sha256-NA78zMge9AsfqO1px1FWCDKmWy1a0h8dtTotpgLazh4="; 15 }; 16 17 + vendorHash = "sha256-KkT/mgU1BOwJcjxOBMCMq0hyxZAyoh25bi+s3ka6TOg="; 18 19 subPackages = [ 20 "cmd/chaos/" ··· 23 meta = with lib; { 24 description = "Tool to communicate with Chaos DNS API"; 25 homepage = "https://github.com/projectdiscovery/chaos-client"; 26 + changelog = "https://github.com/projectdiscovery/chaos-client/releases/tag/v${version}"; 27 license = licenses.mit; 28 maintainers = with maintainers; [ fab ]; 29 };

+3 -3

pkgs/tools/networking/minio-client/default.nix

··· 2 3 buildGoModule rec { 4 pname = "minio-client"; 5 - version = "2022-11-07T23-47-39Z"; 6 7 src = fetchFromGitHub { 8 owner = "minio"; 9 repo = "mc"; 10 rev = "RELEASE.${version}"; 11 - sha256 = "sha256-g7q2VONGySMlw+aWZfWnZ2TVvV4lOGMNXl/4IRQrEOs="; 12 }; 13 14 - vendorSha256 = "sha256-KD3mhl5d3LhqH37AeNmfuk5+KktWdUTNGi5YNuhyMDk="; 15 16 subPackages = [ "." ]; 17

··· 2 3 buildGoModule rec { 4 pname = "minio-client"; 5 + version = "2022-11-17T21-20-39Z"; 6 7 src = fetchFromGitHub { 8 owner = "minio"; 9 repo = "mc"; 10 rev = "RELEASE.${version}"; 11 + sha256 = "sha256-z9XP2oTnyTJMAgyjC21uHL8vipyyuKKSGkXU8ASdXuI="; 12 }; 13 14 + vendorSha256 = "sha256-Nm3bKOGtMtvSI9XQU684emIupJ+y/AUbTUnqndOUPSo="; 15 16 subPackages = [ "." ]; 17

+7 -5

pkgs/tools/security/crackmapexec/default.nix

··· 5 6 python3.pkgs.buildPythonApplication rec { 7 pname = "crackmapexec"; 8 - version = "5.3.0"; 9 format = "pyproject"; 10 11 src = fetchFromGitHub { 12 - owner = "byt3bl33d3r"; 13 repo = "CrackMapExec"; 14 - rev = "v${version}"; 15 - hash = "sha256-wPS1PCvR9Ffp0r9lZZkFATt+i+eR5ap16HzLWDZbJKI="; 16 }; 17 18 nativeBuildInputs = with python3.pkgs; [ ··· 27 dsinternals 28 impacket 29 lsassy 30 msgpack 31 neo4j 32 paramiko ··· 56 57 meta = with lib; { 58 description = "Tool for pentesting networks"; 59 - homepage = "https://github.com/byt3bl33d3r/CrackMapExec"; 60 license = with licenses; [ bsd2 ]; 61 maintainers = with maintainers; [ fab ]; 62 mainProgram = "cme";

··· 5 6 python3.pkgs.buildPythonApplication rec { 7 pname = "crackmapexec"; 8 + version = "5.4.0"; 9 format = "pyproject"; 10 11 src = fetchFromGitHub { 12 + owner = "Porchetta-Industries"; 13 repo = "CrackMapExec"; 14 + rev = "refs/tags/v${version}"; 15 + hash = "sha256-V2n840QyLofTfQE4vtFYGfQwl65sklp+KfNS9RCLvI8="; 16 }; 17 18 nativeBuildInputs = with python3.pkgs; [ ··· 27 dsinternals 28 impacket 29 lsassy 30 + masky 31 msgpack 32 neo4j 33 paramiko ··· 57 58 meta = with lib; { 59 description = "Tool for pentesting networks"; 60 + homepage = "https://github.com/Porchetta-Industries/CrackMapExec"; 61 + changelog = "https://github.com/Porchetta-Industries/CrackMapExec/releases/tag/v${version}"; 62 license = with licenses; [ bsd2 ]; 63 maintainers = with maintainers; [ fab ]; 64 mainProgram = "cme";

+13 -20

pkgs/tools/security/echidna/default.nix

··· 1 { lib 2 , fetchFromGitHub 3 # Haskell deps 4 - , mkDerivation, aeson, ansi-terminal, base, base16-bytestring, binary, brick 5 - , bytestring, cborg, containers, data-dword, data-has, deepseq, directory 6 - , exceptions, filepath, hashable, hevm, hpack, lens, lens-aeson, megaparsec 7 - , MonadRandom, mtl, optparse-applicative, process, random, stm, tasty 8 - , tasty-hunit, tasty-quickcheck, temporary, text, transformers , unix, unliftio 9 - , unliftio-core, unordered-containers, vector, vector-instances, vty 10 - , wl-pprint-annotated, word8, yaml, extra, ListLike, semver 11 }: 12 mkDerivation rec { 13 pname = "echidna"; 14 - version = "2.0.3"; 15 16 src = fetchFromGitHub { 17 owner = "crytic"; 18 repo = "echidna"; 19 rev = "v${version}"; 20 - sha256 = "sha256-ZLk3K00O6aERf+G5SagDVUk1/ba9U+9n9dqCImkczJs="; 21 }; 22 23 - # NOTE: echidna is behind with aeson because of hevm, this patch updates 24 - # the code to work with the major aeson update that broke the build 25 - # it's temporary until hevm version 0.50.0 is released - https://github.com/ethereum/hevm/milestone/1 26 - patches = [ ./echidna-update-aeson.patch ]; 27 - 28 isLibrary = true; 29 isExecutable = true; 30 libraryHaskellDepends = [ 31 - aeson ansi-terminal base base16-bytestring binary brick bytestring cborg 32 - containers data-dword data-has deepseq directory exceptions filepath 33 - hashable hevm lens lens-aeson megaparsec MonadRandom mtl 34 - optparse-applicative process random stm temporary text transformers unix 35 - unliftio unliftio-core unordered-containers vector vector-instances vty 36 - wl-pprint-annotated word8 yaml extra ListLike semver 37 ]; 38 libraryToolDepends = [ hpack ]; 39 executableHaskellDepends = libraryHaskellDepends;

··· 1 { lib 2 , fetchFromGitHub 3 # Haskell deps 4 + , mkDerivation, aeson, base, base16-bytestring, binary, brick, bytestring 5 + , containers, data-dword, data-has, directory, exceptions, extra, filepath 6 + , hashable, hevm, hpack, html-entities, lens, ListLike, MonadRandom, mtl 7 + , optparse-applicative, process, random, semver, tasty, tasty-hunit 8 + , tasty-quickcheck, text, transformers, unix, unliftio, unordered-containers 9 + , vector, vector-instances, vty, yaml 10 }: 11 mkDerivation rec { 12 pname = "echidna"; 13 + version = "2.0.4"; 14 15 src = fetchFromGitHub { 16 owner = "crytic"; 17 repo = "echidna"; 18 rev = "v${version}"; 19 + sha256 = "sha256-DiEZGbd08QLP8zgrIssGYL6h18AprcWZSYp1mMu9TRw="; 20 }; 21 22 isLibrary = true; 23 isExecutable = true; 24 libraryHaskellDepends = [ 25 + aeson base base16-bytestring binary brick bytestring containers data-dword 26 + data-has directory exceptions extra filepath hashable hevm html-entities 27 + lens ListLike MonadRandom mtl optparse-applicative process random semver 28 + text transformers unix unliftio unordered-containers vector vector-instances 29 + vty yaml 30 ]; 31 libraryToolDepends = [ hpack ]; 32 executableHaskellDepends = libraryHaskellDepends;

-38

pkgs/tools/security/echidna/echidna-update-aeson.patch

··· 1 - diff --git a/lib/Echidna/Config.hs b/lib/Echidna/Config.hs 2 - index f8d5777..3d761fe 100644 3 - --- a/lib/Echidna/Config.hs 4 - +++ b/lib/Echidna/Config.hs 5 - @@ -13,8 +13,8 @@ import Control.Monad.State (StateT(..), runStateT) 6 - import Control.Monad.Trans (lift) 7 - import Data.Bool (bool) 8 - import Data.Aeson 9 - +import Data.Aeson.KeyMap (keys) 10 - import Data.Has (Has(..)) 11 - -import Data.HashMap.Strict (keys) 12 - import Data.HashSet (fromList, insert, difference) 13 - import Data.Maybe (fromMaybe) 14 - import Data.Text (isPrefixOf) 15 - @@ -23,11 +23,13 @@ import EVM.Types (w256) 16 - 17 - import qualified Control.Monad.Fail as M (MonadFail(..)) 18 - import qualified Data.ByteString as BS 19 - +import qualified Data.Aeson.Key as Key 20 - +import qualified Data.HashSet as HS 21 - import qualified Data.List.NonEmpty as NE 22 - import qualified Data.Yaml as Y 23 - 24 - import Echidna.Test 25 - -import Echidna.Types.Campaign 26 - +import Echidna.Types.Campaign 27 - import Echidna.Mutator.Corpus (defaultMutationConsts) 28 - import Echidna.Types.Config (EConfigWithUsage(..), EConfig(..)) 29 - import Echidna.Types.Solidity 30 - @@ -52,7 +54,7 @@ instance FromJSON EConfigWithUsage where 31 - _ -> mempty 32 - (c, ks) <- runStateT (parser v') $ fromList [] 33 - let found = fromList (keys v') 34 - - return $ EConfigWithUsage c (found `difference` ks) (ks `difference` found) 35 - + return $ EConfigWithUsage c (HS.map Key.toText $ found `difference` ks) (HS.map Key.toText $ ks `difference` found) 36 - -- this parser runs in StateT and comes equipped with the following 37 - -- equivalent unary operators: 38 - -- x .:? k (Parser) <==> x ..:? k (StateT)

···

+59

pkgs/tools/security/zlint/default.nix

···

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + , testers 5 + , zlint 6 + }: 7 + 8 + buildGoModule rec { 9 + pname = "zlint"; 10 + version = "3.4.0"; 11 + 12 + src = fetchFromGitHub { 13 + owner = "zmap"; 14 + repo = "zlint"; 15 + rev = "v${version}"; 16 + hash = "sha256-l39GdfEKUAw5DQNjx6ZBgfGtengRlUUasm0G07kAA2A="; 17 + }; 18 + 19 + modRoot = "v3"; 20 + 21 + vendorHash = "sha256-OiHEyMHuSiWDB/1YRvAhErb1h/rFfXXVcagcP386doc="; 22 + 23 + postPatch = '' 24 + # Remove a package which is not declared in go.mod. 25 + rm -rf v3/cmd/genTestCerts 26 + ''; 27 + 28 + subPackages = [ 29 + "cmd/zlint" 30 + "cmd/zlint-gtld-update" 31 + ]; 32 + 33 + ldflags = [ 34 + "-s" 35 + "-w" 36 + "-X main.version=${version}" 37 + ]; 38 + 39 + # Checks rely on .git directory, leaveDotGit makes the source derivation flaky. 40 + doCheck = false; 41 + 42 + passthru.tests.version = testers.testVersion { 43 + package = zlint; 44 + command = "zlint -version"; 45 + }; 46 + 47 + meta = with lib; { 48 + description = "X.509 Certificate Linter focused on Web PKI standards and requirements"; 49 + longDescription = '' 50 + ZLint is a X.509 certificate linter written in Go that checks for 51 + consistency with standards (e.g. RFC 5280) and other relevant PKI 52 + requirements (e.g. CA/Browser Forum Baseline Requirements). 53 + ''; 54 + homepage = "https://github.com/zmap/zlint"; 55 + changelog = "https://github.com/zmap/zlint/releases/tag/${src.rev}"; 56 + license = licenses.asl20; 57 + maintainers = with maintainers; [ baloo ]; 58 + }; 59 + }

+2

pkgs/top-level/all-packages.nix

··· 13297 13298 zkar = callPackage ../tools/security/zkar { }; 13299 13300 zmap = callPackage ../tools/security/zmap { }; 13301 13302 zpool-iostat-viz = callPackage ../tools/filesystems/zpool-iostat-viz { };

··· 13297 13298 zkar = callPackage ../tools/security/zkar { }; 13299 13300 + zlint = callPackage ../tools/security/zlint { }; 13301 + 13302 zmap = callPackage ../tools/security/zmap { }; 13303 13304 zpool-iostat-viz = callPackage ../tools/filesystems/zpool-iostat-viz { };

+2

pkgs/top-level/python-packages.nix

··· 5561 5562 mask-rcnn = callPackage ../development/python-modules/mask-rcnn { }; 5563 5564 mastodon-py = callPackage ../development/python-modules/mastodon-py { }; 5565 5566 mat2 = callPackage ../development/python-modules/mat2 { };

··· 5561 5562 mask-rcnn = callPackage ../development/python-modules/mask-rcnn { }; 5563 5564 + masky = callPackage ../development/python-modules/masky { }; 5565 + 5566 mastodon-py = callPackage ../development/python-modules/mastodon-py { }; 5567 5568 mat2 = callPackage ../development/python-modules/mat2 { };